# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import("//build/config/security/security_config.gni") config("auto_var_init_configs") { if (using_security_flag && !is_mingw) { assert( is_clang, "currently, automatic variable initialization only supported with clang") configs = [ ":auto_var_zero_init_config" ] } } all_security_configs = [ ":auto_var_init_configs" ] # This config is applied by default to all targets. It sets the compiler flags # for automatic variable initialization, or, if no config is set, does nothing. config("default_security_configs") { configs = all_security_configs } # Set the uninitialized local variables to pattern. config("auto_var_pattern_init_config") { cflags = [ "-ftrivial-auto-var-init=pattern" ] } # Set the uninitialized local variables to zero. But it will be removed from clang int the future. # Currently, enabling the config of pattern for all components is impractical and may cause system # instability. So on the premise that the system is stable, the config of zero need to be gradually replaced with # the config of pattern. config("auto_var_zero_init_config") { cflags = [ "-ftrivial-auto-var-init=zero", "-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang", ] } # Do not set the uninitialized local variables to any value. config("auto_var_uninit_config") { cflags = [ "-ftrivial-auto-var-init=uninitialized" ] } # Stack protection. config("stack_protector_config") { cflags = [] if (is_mac) { if (is_debug) { cflags += [ "-fstack-protector-strong" ] } else { cflags += [ "-fstack-protector" ] } } else if (is_posix && !is_chromeos && !is_nacl) { if (is_mingw) { cflags += [ "-fno-stack-protector" ] } else if (is_ohos && current_cpu == "x86") { cflags += [ "-fno-stack-protector" ] } else if (current_os != "aix") { cflags += [ "-fstack-protector-strong" ] } } } config("stack_protector_ret_all_config") { cflags = [] if (is_mac) { if (is_debug) { cflags += [ "-fstack-protector-strong" ] } else { cflags += [ "-fstack-protector" ] } } else if (is_posix && !is_chromeos && !is_nacl) { if (is_mingw) { cflags += [ "-fno-stack-protector" ] } else if (is_ohos && current_cpu == "x86") { cflags += [ "-fno-stack-protector" ] } else if (current_os != "aix") { if (support_stack_protector_ret == true) { cflags += [ "-fstack-protector-ret-all", "--param=ssp-ret-cookie-size=1000", ] } else { cflags += [ "-fstack-protector-strong" ] } } } } config("stack_protector_ret_strong_config") { cflags = [] if (is_mac) { if (is_debug) { cflags += [ "-fstack-protector-strong" ] } else { cflags += [ "-fstack-protector" ] } } else if (is_posix && !is_chromeos && !is_nacl) { if (is_mingw) { cflags += [ "-fno-stack-protector" ] } else if (is_ohos && current_cpu == "x86") { cflags += [ "-fno-stack-protector" ] } else if (current_os != "aix") { if (support_stack_protector_ret == true) { cflags += [ "-fstack-protector-ret-strong" ] } else { cflags += [ "-fstack-protector-strong" ] } } } } #-fPIC or fpic config("pic_config") { cflags = [ "-fPIC" ] ldflags = [ "-fPIC" ] } #-Wl,-z,noexecstack. #-Wl,-z,now. #-Wl,-z,relro. config("-Wl-z_config") { ldflags = [ "-Wl,-z,noexecstack", "-Wl,-z,now", "-Wl,-z,relro", ] } #pie config("executable_config") { cflags = [ "-fPIE" ] asmflags = [ "-fPIE" ] ldflags = [ "-pie" ] }